|
Risks Digest 11.49
NOTICE: TO ALL CONCERNED Certain text files and messages contained on this site deal with activities and devices which would be in violation of various Federal, State, and local laws if actually carried out or constructed. The webmasters of this site do not advocate the breaking of any law. Our text files and message bases are for informational purposes only. We recommend that you contact your local law enforcement officials before undertaking any project based upon any information obtained from this or any other web site. We do not guarantee that any of the information contained on this system is correct, workable, or factual. We are not responsible for, nor do we assume any liability for, damages resulting from the use of any information on this site.
Article 209 (1 more) in comp.risks (moderated):
From: [email protected] (RISKS Forum)
Subject:RISKS DIGEST 11.49
Message-ID: <[email protected]>
Date: 19 Apr 91 21:23:27 GMT
Sender: [email protected]
Reply-To: [email protected]
Organization: The Internet
Lines: 461
RISKS-LIST: RISKS-FORUM Digest Friday 19 April 1991 Volume 11 : Issue 49
FORUM ON RISKS TO THE PUBLIC IN COMPUTERS AND RELATED SYSTEMS
ACM Committee on Computers and Public Policy, Peter G. Neumann, moderator
Contents:
University library security, or lack thereof... (Marc Andreessen)
Re SB 266 (cryptographics) (A. Padgett Peterson)
Trap doors and such (Robert Hartman)
Senate 266; Personal Privacy (Rob Boudrie)
S. 266 (David A. Honig, David Chase)
Re: Accident statistics continued (Seduction of the innocent) (Mike Jones)
Re: Simulation: Minus heart disease (David Alex Lamb)
YABCWS (Yet Another Boy Crying Wolf Story) (Joe Morris)
Consumer Privacy article: Consumer's Reports, May 1991 (Jon B)
Re: Automated car parking? (Stephen R. Smoot, Louis Koziarz, Brian Smithson,
Scott Hinckley)
Re: Drive-by-wire (Brad Templeton)
The RISKS Forum is moderated. Contributions should be relevant, sound, in
good taste, objective, coherent, concise, and nonrepetitious. Diversity is
welcome. CONTRIBUTIONS to [email protected], with relevant, substantive
"Subject:" line. Others ignored! REQUESTS to [email protected]. For
vol i issue j, type "FTP CRVAX.SRI.COM<CR>login anonymous<CR>AnyNonNullPW<CR>
CD RISKS:<CR>GET RISKS-i.j<CR>" (where i=1 to 11, j always TWO digits). Vol i
summaries in j=00; "dir risks-*.*<CR>" gives directory; "bye<CR>" logs out.
FTPs may differ; e.g., UNIX prompts for username and password.
If you cannot access "CRVAX.SRI.COM", try Internet address "128.18.10.1".
ALL CONTRIBUTIONS CONSIDERED AS PERSONAL COMMENTS; USUAL DISCLAIMERS APPLY.
Relevant contributions may appear in the RISKS section of regular issues
of ACM SIGSOFT's SOFTWARE ENGINEERING NOTES, unless you state otherwise.
----------------------------------------------------------------------
Date: Thu, 18 Apr 91 20:33:19 -0500
From: [email protected] (Marc Andreessen)
Subject: University library security, or lack thereof...
At the risk of taking space away from the very interesting current threads in
RISKS, I'd like to relate a very interesting administrative procedure practiced
at the University of Illinois.
The U of I library, like most other university libraries, is completely
computerized; terminals in each of the three-dozen departmental libraries, as
well as other terminals in residence halls and a dedicated telnet port on one
of the university's Unix systems, allow anyone to browse through the
12-million-book collection AND check out any available book.
Now, this is mighty convenient for us busy students and researchers.
Unfortunately, this is also security-free. From a terminal or telnet
connection, one can check out a book merely by giving one's university ID
number (which, at Illinois, is always one's SSN). Then, one can go to the
appropriate central or departmental library (where library staff regularly
retrieve books from the stacks to match computer charge requests) and say
something like ``I charged out a book called _The Adventures of Foobar the
Dancing Bear_ a couple of hours ago,'' upon which the librarian will cheerfully
hand you the book in question WITHOUT CHECKING YOUR ID, since the charge has
already been processed by the central computer.
Obviously one is free to use whomever's ID (aka SSN) one pleases.
(Incidentally, when I checked out a book this afternoon from our Engineering
Library, the librarian had the book in hand when he suddenly looked at me
suspiciously and asked, ``What's your ID number?'' I rattled it off. He
checked it against the computer printout and, satisfied, gave me the book.) Of
course, the minimum fine for a nonreturned book is $50, which - like an overdue
fine - is automatically billed to one's Student Accounts Receivable.
Marc
Marc Andreessen___________University of Illinois Materials Research Laboratory
Internet: [email protected]____________Bitnet: andreessen@uiucmrl
------------------------------
Date: Fri, 19 Apr 91 11:05:53 -0400
From: padgett%[email protected] (A. Padgett Peterson)
Subject: U.S. Senate 266, Section 2201 (cryptographics) (RISKS-11.43)
Bill Murray writes:
>The referenced language requires that manufacturers build trap-doors
>into all cryptographic equipment...
While the language appears to provide access to law enforcement agencies,
the effect will be to simply drive all US manufacturers out of the crypto
business. The reason people and companies buy secure communications equipment
if for secure communications. The reason they buy a particular manufacturer's
device is because it satisfys the requirement (quantum) and is at the lowest
available overall cost (linear) or provides some other advantage (may be
either). If the quantum requirement is not met by one device/method, another
will be chosen (in this case, none is a choice).
DES became a standard because it was considered to be adequate and devices
using it were cost-effective and fast. Should such a bill pass, the market will
simply turn to other solutions. PCs make alternatives easy and a true code
could be considerably more difficult to break than the DES.
Padgett
------------------------------
Date: Fri, 19 Apr 91 20:05:02 GMT
From: [email protected] (Robert Hartman)
Subject: Trap doors and such (Leichter, RISKS-11.48)
Actually, I don't think there's anything to debate. If it is technically
possible to create cryptographic systems that a government cannot break, people
will create them and people will use them. Governments most of all.
A government can only slow the process by which they become more widely used.
------------------------------
Date: Fri, 19 Apr 91 14:29:49 EDT
From: Rob Boudrie <rboudrie@encore.com>
Subject: Senate 266; Personal Privacy
Although US citizens have a right against self incrimination, it is unlikely
that this right extends to withholding cryptographic keys encoding potentially
embarassing or incriminating information. The courts would likely hold that
you can be forced (under threat of being jailed for contempt of court) to
disclose the keys to your files, much the same way you can be compelled to
produce possibly embarrassing or incriminating paper files without violating
the right of protection against self incrimination.
So what is the concerned individual or business to do?
Establish a well documented, and publicized, policy of encoding numerous
"dummmy files" (perhaps using man pages as source text) using your standard
encryption algorithm, with random keys which are not recorded. This will
produce a *DOCUMENTED SITUATION* in which you are not able to product
decryption keys for the majority of your files, even if you wanted to.
[Of course you'd better check with your attorney first - any action
designed to make it more difficult to penetrate your veil of privacy may
be illegal.]
Rob Boudrie rboudrie@encore.com
------------------------------
Date: Thu, 18 Apr 91 18:24:54 -0700
From: "David A. Honig" <[email protected]>
Subject: S. 266 Query
Suppose that the strongest sense of the bill were law: no one could sell
crypto equipment that the government couldn't crack. Ok, the government
regulates trade, so they can do this.
But could they prevent public-domain sharing of code that accomplishes
the same? It would seem that sharing information freely is protected
by the constitution. Shareware couldn't be construed as "obscene", even
in the most backwards parts of the Carolinas...
Would the "national interest" cries be listened to, even though the Soviets (or
Panamanians or Iraqis or dope capitalists or whoever) surely are aware of
superior, if expensive, encryption methods (eg, 100 bit DES or 1000 bit RSA)??
------------------------------
Date: Fri, 19 Apr 91 12:24:02 PDT
From: [email protected] (David Chase)
Subject: S. 266
I'm a little curious if there will be any point to this bill at all in a few
years. It burdens the service and equipment providers with the reponsibility
of permitting the government access to the plain text, but that seems to leave
a gaping hole between the modem and my fingers and mouth. Is my
Amiga/Macintosh/Next/PC/Sun "electronic communications equipment"?
A few notes that might be relevant here -- the basic patent on RSA encryption
must be running out in a few years, because they published their method in
April 1977. Seventeen years from then is April, 1994 (plus one for the US
patent grace period is 1995). The most recent issue of _Computer Architecture
News_ (March, 1991) contains an article describing a 200Kbit/second, 512 bit
key, RSA encryption and decryption implementation (the implementation used
three "Programmable Active Memory" boards). One can only assume that the
hardware required to implement this will get cheaper in the future.
Public key encryption also has the delightful property that the sender need not
know how to decrypt the message sent; you can hand all your keys and equipment
to the Authorities, and the most that they can do is spoof your messages.
Sounds to me like the horse is out of the barn and long gone.
David Chase, Sun
------------------------------
Date: Fri, 19 Apr 91 14:12:02 -0400
From: [email protected] (Mike Jones)
Subject: Re: Accident statistics continued (Smee, RISKS-11.45)
There is a risk here which is facilitated but not caused by computers. This
study appears to be prone to the "Seduction of the Innocent" fallacy. This
book, written by one Dr. Frederic Wertham in the 1950's, propounded comic
books as the root of all evil based on the high correlation between juvenile
delinquency and comic books - i.e., about 95% of J.D.'s read comic books.
The omitted information was that about 95% of *all* young people read comic
books at the time. I wonder, in this survey, whether the items quoted above
mean that drivers who described themselves as above average are more likely
to have accidents, or that drivers who have many accidents are more likely
to describe themselves as above average - the relationship is *not*
commutative!
Mike Jones, AIX Development, Kingston, NY ibmps2!aix!mjones
------------------------------
Date: 17 Apr 91 13:44:21 GMT
From: [email protected] (David Lamb)
Subject: Re: Re: Simulation: Minus heart disease (Cooper, RISKS-11.47)
An interesting point; increasing speed can increase the risk of not thinking
about what you're doing. I've heard at least one netflamer say he'd like to
have an option on his mail that automatically delayed sending it for a few
hours, then asked him if he'd really still like to send it. There's an old
science fiction short story by Cyril Kornbluth (possibly co-authored; my
collection is 500 miles away) called something like "Education among the
Camiroi", where one of the educators' goals was to *reduce* students' reading
speeds, so they'd get better comprehension of the material.
David Alex Lamb internet: [email protected]
------------------------------
Date: Fri, 19 Apr 91 16:11:46 EDT
From: Joe Morris <[email protected].org>
Subject: YABCWS (Yet Another Boy Crying Wolf Story)
With all of the complaints RISKers have about systems which can acquire data
about users' financial situation without telling the customer, we need to
remember that the notifications sent by a properly-designed system must be both
timely and correct. This morning's mail included an example of a notice which
fails the test.
I've had an American Express card for several years; the only basic change
which has been made to the account in this time has been an address change
eight years ago, and an *involuntary* change in the bank which services the
Express Cash feature. This bank change occurred last June (ten months ago)
because the original bank no longer participated in the program. Without
offering other options AX reassigned the account to its internal bank (American
Express Centurian Bank).
The notice I received this morning was a prepackaged self-mailer; the note
inside had a check against the box which said "[This is a] confirmation of the
change you requested in your enrollment in the Express Cash program." It did
not say what that change was; it didn't even have a place for that data.
Since I hadn't asked for any changes I called AX at the number on the notice
(bonus points to AX for printing the WATS number). After talking to six people
and listening to the usual elevator music, I was told that:
(1) the notice was generated because someone at Centurian had changed the
routing symbol used in processing bank transactions,
(2) I should ignore the notice, and
(3) I was being very unreasonable in complaining about being sent a spurious
notice that an unrequested change had been made in my account.
Clearly someone's program is generating this mailer if *any* of the base
account information block changes, even if the change originated completely
within the vendor, and the change was in internal control information.
AX deserves credit for trying to notify its customers of changes made to their
accounts, but the outright hostility I encountered in trying to chase down the
reason for the notice worries me.
The law, in both the US and elsewhere, seems to be moving in a direction which
places significant liability on credit vendors for damages (real or imagined)
caused by bad data. (Not far enough IMHO.) Over the years RISKers and other
professionals have expressed concern about the posting of incorrect,
misleading, out-of-date, or just plain fraudulent information in customer
credit files. I suggest that at the same time that we push the issue of making
sure that the customer knows what has been put into the data base that we need
to strongly pressure vendors not to play the central character in the old fable
of the boy who cried "WOLF".
Joe Morris
------------------------------
Date: Fri, 19 Apr 91 10:04 EST
From: <[email protected]>
Subject: Consumer Privacy article: Consumer's Reports, May 1991
In the latest issue of Consumer's Reports (May '91, pp 356-60), there is
an excellent article on the consumer credit databases on what appears to be
90% of adults in this country. These databases are regularly shared or sold
to targeting advertisers, or referenced during loan/credit card/insurance
applications. There are statistics on errors, examples of damaging mistakes,
and addresses for contacting to minimize the availability of your files.
For instance, to get a copy of your file that insurance companies and doctors
seem to be able to reference upon request, write to the Medical Information
Bureau, P.O. Box 105, Essex Station, Boston, Mass 02112. The information
provided may not be anything interesting or damaging (or legible, for that
matter) but can stop you from getting insurance for seemingly unapplicable
reasons.
To get a copy of your "credit rating information" you must write to all three
of the major credit bureaus. The report you receive will contain mistakes and
none of the reports from the three of them will match. Furthermore, they will
all be impossible to understand. Write to:
Eqifax
P. O. Box 4081
Atlanta, GA, 30302
(404) 885 8000
Trans Union
East: P.O. Box 360
Phillie, PA 19105
(215) 569 4582
Midwest:Consumer Relations
Louisville, KY 40202
(502) 584 0121
West: P.O. Box 3110
Fullerton, CA 92634
(714) 738 3800
TRW Credit Data
National Consumer Relations Center
12606 Greenville Ave
P.O. Box 749029
Dallas, TX 75374-9029
(214) 235 1200 x251
To reduce the number of legitimate direct mail marketing you receive, by making
your database unavailable (to the scrupulous), write to:
Direct Marketing Assn
11 W 42 St
P.O. Box 3861
New York, NY 10163-3861
As an aside, the book seems to indicate that these places don't make it easy,
since they have no problems when your database is incorrect. If you stick you
nose out, they might start giving you a hard time. Good way to ensure that
everyone remains a sheep, I think.
A book is recommended called "Privacy in America" by David F Linowes, by
University of Illinois Press.
Jon
------------------------------
Date: Tue, 16 Apr 91 18:50:07 -0700
From: [email protected] (Stephen R. Smoot)
Subject: Re: automated car parking? (RISKS 11.47)
In RISKS 11.47, [email protected] (Alayne McGregor) writes:
> The representative said the car is a test prototype built by Volkswagen of
> America. It can sense whether a parking space is large enough, and place itsel f
> in the spot with only inches to spare on either side. The driver does not need
> to be in the car.
Adding a not-so-new, but increased, RISK of being the poor person whose
old-fashioned car becames sandwiched between two new Volkswagen's which can
park "with only inches to spare."
And even worse, their fate as the cars become more and more common, causing
city planners to decrease the size of parking spaces. Which makes the
situation even more likely...
------------------------------
Date: Wed, 17 Apr 91 00:22:47 -0500
From: [email protected] (Louis Koziarz)
Subject: Re: automated car parking?
>The representative said the car is a test prototype built by Volkswagen of
>America. It can sense whether a parking space is large enough, and place itself
>in the spot with only inches to spare on either side. The driver does not need
^^^^^^^^^^^^^^^
Gee, that's nice. So you can park in relative peace and come back to find
the guy with the beater in front of you has repeatedly bashed in your front
bumper trying to get out. Thanks, but no thanks...
Louis Koziarz University of Illinois Urbana/Champaign [email protected]
------------------------------
Date: 18 Apr 91 02:47:30 GMT
From: [email protected] (Brian Smithson)
Subject: Re: automated car parking?
I saw a similar demonstration of a prototype from another manufacturer (can't
remember which) on Motorweek '91 (PBS).
>I wonder who would be liable if the car software bashed the next car while
>parking, or if it ran over a cat, dog, or child on its approach. One would
>think the location and range of the sensors would be very important.
This one has, as I suspect the VW does too, four wheel steering. Four wheel
steering allows the car to be parked with very little space between it and the
adjacent cars. What I wondered was how the poor sap behind or in front of such
a car would get out? Suppose someone puts their brand new '96 VW in front of
my '72 Galaxie and leaves me 2 inches of clearance. I wouldn't be worried
about the *software* causing some dents! :-)
Brian Smithson, Motorola Inc., Commercial Systems Division, 10700 N.DeAnza Blvd
Cupertino, CA 95014 USA, (408)366-4104 {apple | pyramid}!motcsd!brian
------------------------------
Date: 18 Apr 91 14:36:13 GMT
From: [email protected] (Scott Hinckley)
Subject: Re: automated car parking?
I have always wondered about another risk this poses:
assume these are marketed
assume there are no new parking zones made
assume you in your non-self-park car get blocked in by two self-parked
Now, how in the heck are you going to get out if there are just a few inches in
front and back of you?
This would perhaps necessitate the creation of self-park-only zones.
<<<<<<<<<<<Scott Hinckley<<<<<<<<<<<<>>>>>>>>>>VW&Apple][Forever!!!>>>>>>>>>>
Internet:[email protected]|UUCP:...!uunet!uw-beaver!bcsaic!hsvaic!scott
------------------------------
Date: Thu, 18 Apr 91 17:12:37 EDT
From: [email protected] (Brad Templeton)
Subject: Re: drive-by-wire
I have serious doubts that we will see such a system for some time -- not
until we are truly forced into it.
People simply refuse to tolerate death by computer error. It seems they
would gladly take ten times the amount of death by human error first, or
death by their own error.
Any computerized traffic system would have some bugs, and thus some deaths.
But even if traffic deaths are reduced from 10,000 to 100, and likewise for
injuries, the problem is that a computerized traffic system creates somebody
else to blame, other than yourself and the other drivers.
Lawsuits will seek out the vendors. Every accident in the automatic system
will mean a costly lawsuit -- possibly millions of dollars -- for the vendor
of the cars and systems, as well as the operators of the roads and the traffic
authorities.
Our current system depends on the fact that most people never get properly
compensated, or that the compensation is spread out among thousands of drivers
and their insurance companies. To concentrate it all in a few parties, even
at a level orders of magnitude less, is probably more than any firm can bear.
People feel they are in control on the road. Even if somebody else causes
an accident, they like to feel they might have the power to avoid it with
sharp driving.
This is sad, and perhaps the greatest RISK (in terms of loss of life) ever.
Tens of thousands of people are killed and more are injured by auto accidents,
and this system could make a dramatic reduction in this. We have the
technology now to do it, but we won't for some time because of fear of
computers and litigation.
------------------------------
End of RISKS-FORUM Digest 11.49
************************
[7mEnd of article 209 (of 210)--what next? [npq][m
|
|
